Concluding Session: Concluding remarks from the Steering Committee
Chair: Wm.(Bill) Barnhill, Booz Allen Hamilton & Secretary, Steering Committee OASIS eGov Member Section
Randeep Sudan , Practice Leader for e-Government, Global ICT Department, World Bank
Very interesting sessions – trying to highlight the key takeaways:
- Open standards are important, interoperability is really important – but open standards should be viewed as part of a framwork, not isolated, long term stability is vital
- Importance of security- risk management framework is a vital approach, a structured way to look at security issues; there’s a whole range of stakeholders involved, all of them should be mentioned in the framework
- Cloud computing – new approaches, developing countries should start experimenting & using the cloud
- Suggestion – connect experts in the field to share experience
Panel Two: Public Financial Management and e-Procurement
Chair: Laurent Liscia, Executive Director, OASIS
David Temoshok, Director, Identity Policy & Management, GSA, Washington
What does interoperability really mean in this environment?
Focus on approach for e-Procurement in this talk
US eGov initiatives – since 2001
- aims: reduce federal spending, less paperwork, better response time
- 24 projects as starting point
- Integrated Acquisition Environment (IAE) to promote competition, transparency and efficiency in the federal acquisition life cycle
projects: G2G, G2B, G2C, internal effectiveness & efficiency
Provided business services are based on a common infrastructure model
Federal Identity and Access Management
U.S. Government Four Authentication Assurance Levels
- NO confidence
- SOME confidence
- HIGH confidence
- VERY HIGH confidence
If assurance increases, costs increase as well – for the transactions as well as the credentials
Applying a standard framework with all projects
- it’s not possible to get a single product
- GSA definition of interoperability: “â€¦Two or more devices, components, or systems to exchange information in accordance with defined interface specifications and to use the information that has been exchanged in a meaningful way”
- common protocols
- standard data models
- reference implementations
- standard testing for interoperability
IAE – goals:
- simple integrated business processes
- increase data sharing
- unified approach to obtain modern tool
IAE – business areas & transactions:
- create standards for registration/sharing points & for transactions – “common language”
- Establish federal governance framework
- Engage stakeholders
- Communication is vital
- Redesigning is a big challenge
John T. Sabo, CISSP Director, Global Government Relations, CA, Inc.
Interoperable framework with a need for security
What if enterprises rely on infrastructure we do not control?
There is a growing internet dependence – it is sometimes impossible to step back
Control System vulnerabilities are dangerous too – even though they do not necessarily affect the financial sector
We do not have risk management models – too low priority
There is a cybersecurity foundation in place working with the officials
- There are basic technology standards
- Also for identity and access management
- So a lot of basics are in place
- But we don’t have an overarching risk management framework in place
Cybersecurity is a functional requirement
Complexities of the IT Sector make it very challenging to apply risk management
A lot of stakeholders which contribute to the (in)security of the network
There is an “IT Sector Specific Plan” in place
- What is the governments role in protecting critical infrastructure? / What’s the role of the private sector?
- Thresholds for cyber-incidents
- New Federal Leadership, Organizational Alignment
- Legislation and Oversight on standards
4 Strategic Focus Areas
- dentity and Trust Infrastructure Components
- Identity and Trust Policies and Enforcement
- Barriers and Emerging Issues
- Education and Outreach
A number of technical committees working on interoperability standards
Key Management Interoperability Protocol (KMIP)
- key lifecycle management
- how to manage keys
We have emerging cybersecurity risks, we have some basics in place and we have to build on these foundations, public and private sector together
Eduardo Talero, Senior Consultant, World Bank
Electronic Government Procurement (eGP)
- provides transparency, efficiency, synergy to government procurement
- supply chain integration
- Enhance connectivity and interoperability
- Generate trust
- More competition
- More transparency
- Increased ROI
- Enhance efficiency and flexibility of public procurement
Privacy fears – some incidents happened, it IS dangerous
Standards and eGP
- various standards
- HTTP, HTTPS, UDDI, ebXML
Use of Open Standards/Open Source by 14 leading eGP governments:
- only few usage of Linux/Apache/MySQL, …
Standards/FOSS and agile system development
Short design time for eGovernance systems
- resulting system: black box
- limited configurability
- vendor lock in
- monopoly on pricing
- limited interoperability
- This has to change!
Using open standards and agile development can provide major improvements in eGovernment systems
Ideal systems: industrial-strength eGovernance systems that are also easy to change, interoperable, social, knowledge-oriented, community-drivenâ€¦
What can MDBs do?
- develop lending instruments and procurement procedures for agile system development
- level procurement playing field
- reference good practice standards
- recommend standards
- “Standards enhance economy, efficiency, competition, transparency and evolution of eGP
- Free and Open source SW (FOSS) facilitates and accelerates use of open standards
- Open standards/FOSS facilitate fast, iterative development of eGovernance applications which now take too long and are very risk-prone.
- Governments cannot afford to build the organic, social applications of the future only with proprietary standards/technology.
- MDBs can be far more proactive in referencing, recommending and sometimes even requiring Standards.
- MDBâ€™s need to create level playing field for procurement of FOSS and for contracting of agile application development. “
If you want to do eGovernment well, the only way to do it is via open standards
Q & A:
Q: Will there be a forum for issues considering open standards development?
Eduardo Talero: There is awareness that there is a discussion needed, you are welcome to join.
Q: How do governments contribute to open source solutions? At some point governments have to address the copyright issues.
Q: Are there off-the-shelf e procurement products, not to start from scratch? Could you name which country/ies has/have implemented them with demonstrable good results?
A: Two systems on Sourceforge. But there is nothing which could for example replace SAP.
Q: How come that Open source is not popular yet in eGovernment initiatives?
Eduardo Talero: I don’t know any major system – and it does not really make sense, the role is to foster development, not to provide a whole system.
Q: Which developing country already implemented eGovernment initiatives
A: None has implemented the whole framework, but some have implemented certain parts – e.g. Vietnam, Sri Lanka.
Panel One: Identity, Authentication and Security
Chair: Deepak Bhatia, Practice Leader for e-Government Applications, Global ICT Department, World Bank
Once againback the importance of standards
Vendors and technology can stay and go but open standards should stay forever
It’s really difficult to provide a citizen-centered view
Speaker:Â Colin Wallis, Identity Standards Manager, New ZealandÂ Government, OASIS eGov Steering Committee, OASIS eGov Steering Committee
Clues, what New Zealand has got and how the development took place+
Life would be easy with just one standardization organization, but there are several such bodies – net sector SDO, sector standards, jurisdiction, protocols – “standards soup”
Some of the organizations:
- W3C – founder: Tim Berners Lee, important for standards
- IETF – Internet Engineering Task Force
- ISO – International Organization for Standardization
We want to get to Web 3.0, Identity 2.0 and Government 2.0 – but first we have to reach Identity 1.0, Interoperability 1.0, Convergence 0.0
eGov profile of SAML – differently applied in different countries
It’s vital to ensure that the applications in different countries “talk to each other”
- “have the power”
- Vote – 1 country, 1 vote – use it responsibly
- Knowledge – it’s already there and can be used
- It’s important to begin
Speaker: Bob Sunday, Senior Architect, CTO, PWGSC, Canada & OASIS eGov Steering Committee
Canada: 33m population, low density – how to get services to all these people
2000 – strong push to anabling government services online, big success story
- Building a new Canda-wise network
- Secure infrastructure
In 2000 PKI (public key infrastructure) was the standard, so Canada build one – now it’s used in 83 different programs
- epass certificates
- nowadays: over 5m certificates issued
- ~0,5m unique logins per week
- amazing sucess
Now it has to be replaced – opportunity to chose the standards which will stay for the next 10-20 years
Getting ready for the “SAML-wireless world”
- multiple credential providers
- multiple levels of assurance
- technology neutral
It’s important now to chose a standard-based architecture, they have to be fully integrated
A lot of decisions have to be taken:
- Underlying architecture: long term stability -> SAML , it’s an entire architecture
- Proven implementation profile: ensure availability of proven interoperable COTS products
Strategy to move to a new system:
- From an existing epass solution, they users and the applications have to be moved to a new system with a new credential system
- the new system has to talk to the old system
- finally the converted applications have to be replaced by new applications, which work with the converted users
“We are just at the beginning of the path”
- It’s vital to have a framework putting the open standards together
- It’s important for them to be interoperable
- Testing interoperability is really good
- Stability for the long term is substantial
Speaker: Ron Ross, Senior Computer Scientist and Information Security Researcher, National Institute of Standards and Technology
Security is at the core of making the technology work
Security is not an impediment, but an enabler
Security is a combination of management, techical & operational aspects
We need to establish a standard on due diligence
Business relationship: how do I know that I can trust my partner?
- Common language to describe security
- Open standards for security
There is big business in destroying customers, breaking into systems, stealing intellectual property, …
It’s important to make a global effort for enhanced security
Today we are so dependent on technology, security should be our first concern
Important parts of an enterprise security concept – framework for managing risk:
- Security plan
- Security assesment report – did we do a good job managing riks?
- Plan of action and milestones – how to manage vulnarabilities
Q & A:
Q: When you have providers in the country, is there also a drive for identity management across the borders?
Bob Sunday: Of course – but you have to define the work “identity”, Canada has gone away from credintialing, anonymous credentialing has big strengths.
A: Standardization around identity management is possible.
Q: Is Ghana a leader in eGovernment and are you willing to share with other African countries?
Sam Somuah: We are quite far ahead, definitely we are willing to share our experiences.
Q:Why is seperation of credential providers necessary?
Bob Sunday: Seperation of credential providers because it’s a commercial market for credential providers – it’s a way to make it more competitive. We don’t want to force the citizins to have a certain credential.
Q: How is membership in OASIS organized?
A: Your membership will be a government membership, so everybody can join there. OASIS is made up of its members, they decide.
Q: Explain more this quote: “We want Web 3.0, Identity 2.0 and Gov 2.0, but 1st: Identity 1.0, Interoperability 1.0, Convergence 0.0″
A: There’s a lot of people looking ahead to what’s in the future – but the developments right now should be to “get the engines going”, the basics have to be in place to start further advances.
Q: Is Cloud Computing already relevant in this enterprise architecture discussion?
A: Just short: it’s much more complex than people think.
Speaker: Dr. Sam Somuah, Director General, Ghana Information and Communications Directorate (GICTeD)
presenting efforts & eGovernment initiatives in Ghana
opportunity to create improvement in government – more convenient interactions with citizens;
it’s important to assure interoperability between government agencies
Ghana: 23m inhabitants, 75% literacy rate, per capita income: 661$, language: English
Ghana ICT4AD – transform Ghana to an information rich society by using ICTs;
Transforming eGovernment, stages: web presence -> construct -> interact -> transact -> transform
Currently in the second year of an 11 year plan, good collaboration with the World Bank
e-Ghana project: improve delivery of eGovernment services & leverage ICTs for economic growth & poverty reduction
e-Government Interoperability Framework (eGIF) – “A set of Policies, Technical Standards, as well as Guidelines covering ways to achieve interoperability among MDAs and other Government organizations”
How are open standards used?
- All activities are highly formalized
- There exists legislation to ensure compliance with standards
Why does Ghana want to go the direction to apply an international interoperbility framework?
- increased efficience
- more investments
All agencies, new projects, … have to comply to the standards
All the standards & guidelines conform to open standard principles
- Internet & WWW standards
- XML as standard
- Browser as key interface
- Adopt open standards supported by the market
Scope of e-GIF: all sectors, from G2G (government to government) to G2C (government to citizen)
Several working groups under the guidance of Ghana ICT Directorate (GICTeD)
It is important to assure to have good guidance
Issues that are adressed concerning technical standards:
- e-services Access – standards for different hardware
- Interconnectivity – standards for connecting systems
- Security – standards for encryption
- Business Areas – standards for business specific content
- Discovery – standards for locating resources
- Data Exchange & Integration – standards for metadata
At the country level there are a lot of beneftis of open standards – improving quality of contact to citizens, but also business impact
It is planned to implement a government portal
- “ICT provides Ghana with opportunity to meet development Goals
- The e-Government initiative on Interoperability will support improved service delivery to citizens; reducing the cost to government of delivering services and sharing information; and delivering greater economic efficiencies for the wider economy
- Collaboration with bodies such as OASIS, W3C etc will facilitate GoG efforts”
Introduction of the viewers worldwide: Ghana, Kenya, Moldova, Russia, Rwanda, Sri Lanka, Tanzania
Outcomes at local workshops discussing the topics in advance:
- Russia: developments in the last 10 years in the IT sector, quite impressive number of projects; but Russia is lacking behind in open standards & interoperability because there is a lack of guidelines
- Sri Lanka: discussion open standards especially at the architecture level; how to get more people to apply standards
- Tanzania: different starting points – issues of vendor/buyer relations, awareness, procurement, legal environment; how to make the local IT industry support the standards; documentation is often inadequate; workgroups for the evolution of standards – contribution of international organizations; raise awareness for the need for open standards; create instruments to empower people; cross border interoperability – ideas: compliance to international standards bodies, interaction between regional bodies, formalizing as quickly as possible
Opening Keynote Session: Open Standards for Government Transformation
Workshop moderator: Randeep Sudan, Practice Leader for e-Government, Global ICT Department, World Bank
Introduction of speakers;
It’s vital to involve developing countries in the process workshop today is part of government transformation initiative – provide a network for developing countries to assist in eGovernment increasingly open standards are getting mentioned a lot.
Welcome and Introduction:
- Laurent Liscia, Executive Director, OASIS
Very fond of worldwide audience – right question were asked
OASIS – organization which promotes open standards;
open source is not open standards; open source has different versions which don’t interoperate; open standards make sure that everything interoperates;
examples for created standards: ODF (open document format – Star Office, Open Office), ebXML, …
everybody should become a member to profit from these standards and the increased interoperability
- Han Fraeters, Manager, GDLN/ Knowledge Exchange, World Bank
World Bank Institute – trying to reach more scale by doing things in partnerships, also with business;
trying to change the approach to learning – it’s not only about technical things, but also about social processes;
it’s important to identify the potential and capacities, constraints, the momentum for change; understanding the local conditions is vital to build a reform process
IT is an enabler for change in governments
learning is important – but not the kind which happend in the classroom, but through exchange of experience
- Randeep Sudan, Practice Leader for e-Government, Global ICT Department, World Bank
if we think of interoperability, organizational issues are as important as technical ones
there is an increasing awareness on open standards – UK has come up with an action plan on open standards, Indian government is also planning on transforming to open standards
Added later (15:32 CET):
- Philippe Dongier, Manager, Global ICT Department, World Bank
What could be a way to support many countries?
One way to answer: round table with the president of the world bank & business leaders – how to benefit from collaborations with the industry
A network which should be formed here – peer to peer networks of practitioners for various sectors such as eProcurement, identification, … – also with the private sector & organizations such as OASIS
World Bank wants to support these networks with whatever they need to do it right
Initiative: funding to support transforming strategies of governments of developing countries; working with a wide range of countres
On Friday 17 April there will be a workshop organized by the eDevelopment group of the World Bank, OASIS (organization promoting and developing open standards) and the World Bank Institute about Open Standards for Government Transformation: Enabling Transparency, Security and Interoperability. It will be held in Washington DC from 8:15 to 15:30 local time and speakers include worldwide professionals in the field of open standards, as well as officials from the World Bank, OASIS and the private sector.
Open standards are substantial to guarantee transparency, security and interoperability, especially in times of rapid technological development and increasing reliance on software tools for government interaction with their citizens.
Furthermore, as Paul Collier also stated in his book “The Bottom Billion“, in particular in so-called “less developed countries” open and internationally agreed standards can give governments a good guideline for reforms, increasing trust of citizens and investors.
Oleg Petrov, the eDevelopment group coordinator also wrote a blog post about the event, stating that the workshop
offers a unique opportunity to exchange experiences amongst professionals from the World Bank, leading public administrations, country clients and the private sector regarding the significance of open standards for public sector reform and efficiency. Issues surrounding public financial management, e-procurement, cloud computing, electronic identitification, security, and interoperability frameworks will be discussed. [from Open Standards for Government Transformation: Enabling transparency, security and interoperability]
ICT4D.at will attend whis event via webcast and twitter and blog live.
If you are interested in joining – please register online:
+ To attend in person in Washington DC register here:
+ To attend online via live webcast register here: